DeFiFoundry
20,000 USDC
Submission Details
Severity: high
Invalid

Reentrancy Vulnerability in FjordPoints.sol::claimPoints()

Summary

https://github.com/Cyfrin/2024-08-fjord/blob/main/src/FjordPoints.sol

The claimPoints() function is susceptible to reentrancy attacks, where malicious contracts could exploit it to mint more tokens than intended.

Vulnerability Details

The function claimPoints() updates pendingPoints and then mints tokens to the caller. If a malicious contract calls claimPoints() and reenters before pendingPoints is reset, it can mint additional tokens during the reentrant call. This is due to the function’s state changes occurring after the external call, making it vulnerable to reentrancy attacks.

Proof of Concept (PoC):

contract Attacker {
    FjordPoints public fjordPoints;

    constructor(address _fjordPoints) {
        fjordPoints = FjordPoints(_fjordPoints);
    }

    function attack() external {
        fjordPoints.claimPoints(); // Trigger the claimPoints function
    }

    // Fallback function to exploit reentrancy
    receive() external payable {
        fjordPoints.claimPoints(); // Reenter the function to claim more points
    }
}

Impact

High. An attacker could repeatedly exploit this vulnerability to mint excessive tokens, undermining the contract’s integrity and causing financial loss.

Tools Used

Manual Review

Recommendations

Implement a reentrancy guard or apply the Checks-Effects-Interactions pattern to mitigate the risk. Example:

bool private locked;

modifier nonReentrant() {
    require(!locked, "Reentrancy detected");
    locked = true;
    _;
    locked = false;
}

function claimPoints() external nonReentrant checkDistribution updatePendingPoints(msg.sender) {
    // function body
}

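
The Checks-Effects-Interactions ordering named in the recommendation, shown as an added example that is not part of the original submission and not code from FjordPoints.sol. RewardLedger, pending, accrue, claimUnsafe and claim are hypothetical names, and the ledger is assumed to pay out in ETH so that the payout is an external call that hands control to the caller.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical ledger (assumption, not FjordPoints.sol): accrued rewards are
// paid in ETH, so the payout transfers control to the recipient's receive().
contract RewardLedger {
    mapping(address => uint256) public pending; // hypothetical per-user balance

    // Credit a user with the ETH sent along with this call.
    function accrue(address user) external payable {
        pending[user] += msg.value;
    }

    // Unsafe ordering: the external call runs while pending[msg.sender] is
    // still non-zero, so a recipient that calls back in passes the same check.
    function claimUnsafe() external {
        uint256 amount = pending[msg.sender];
        require(amount > 0, "nothing to claim");
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        pending[msg.sender] = 0; // effect happens after the interaction
    }

    // Checks-Effects-Interactions: the balance is zeroed before control
    // leaves the contract, so a nested claim() fails the check and reverts.
    function claim() external {
        uint256 amount = pending[msg.sender];             // check
        require(amount > 0, "nothing to claim");
        pending[msg.sender] = 0;                          // effect
        (bool ok, ) = msg.sender.call{value: amount}(""); // interaction
        require(ok, "transfer failed");                   // revert restores the balance
    }
}
```

When reviewing a claim-style function, the line to look for is the one that clears the caller's balance: if it sits above every call that can reach caller-controlled code, re-entry finds nothing left to claim.
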
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
